Cyber Threat Detection Engineer Associate - United Kingdom.
JOB SUMMARY
Locations: United Kingdom - Sandwich
Time Type: Full time
Posted On: 13 October 2023
Job Requisition Id: 4894875
Role Summary
The Global Information Security (GIS) organization secures Pfizer’s most important information assets through world class talent, top security controls and an empowered culture that serves to enable Pfizer’s mission of delivering breakthroughs that change patients’ lives.
The Cyber Threat Detection Engineering team is accountable for maintaining, creating, and validating security related detections. By working with their primary stakeholders, they maintain alerting hygiene, drive creation of new alerts, and validate Pfizer’s posture against known threats. The Threat Detection Engineering team achieves their mission by utilizing threat intelligence to drive priorities for the team and interfacing with multiple internal key stakeholders.
The Threat Detection Engineer will be accountable for developing new detections based off prioritized intelligence requirements that are relevant to Pfizer’s environment. The individual will also be accountable for identifying and modifying existing detections to reduce false positives. Additionally, the Detection Engineer will conduct breach attack simulations (BAS) utilizing various technologies. The individual will interface with Incident Response, Cyber Threat Intelligence and Cyber Threat Hunting teams to continually improve Pfizer’s ability to secure their assets from cyber threats.
The person must be highly motivated to continually grow and expand their existing technical skillset to adapt to the ever-changing threat landscape. The position is an individual contributor role that will report to the Manager, Threat Detection Engineering.
TASKS
• Create new detections and alerts to identify cyber threats based on input from multiple Information Security teams, including Threat Intelligence and Cyber Threat Hunt teams.
• Review existing signatures across all security platforms to identify opportunities for new alerts.
• Onboard new security technologies and build detections based off included logging.
• Validate detection coverage by executing intelligence led assessments against internal security technologies.
• Use existing red team tools and frameworks to validate detection posture.
• Develop new custom validation procedures for testing detection posture against known threats.
• Disseminate validation results to relevant stakeholders.
• Drive closure of gaps identified through validation exercises.
• Develop automated validation processes to increase effectiveness of validation tools.
• Work with GIS teams to increase detection effectiveness.
• Track detection signatures against known adversaries and their TTPs.
• Reduce false positive alerts and increase detection performance through standardized processes.
• Support the signature review process across all platforms (IPS, Email, Endpoint, etc.)
How You Will Achieve It
• Contribute to the completion of project tasks and/or milestones.
• Organize own work to meet project task deadlines.
• Provide security representation to business and technology solution projects to underpin the security consultancy services to ensure secure outcomes.
• Work with subject matter experts to support the launch and delivery of targeted communications to support initiatives and implementations.
• Learn and apply Pfizer policy and process standards, regulations, and industry best practices.
• Produce security risk management KPIs and metrics to drive risk reduction and excellence.
• Acquire threat intelligence and technical indicators from internal and external sources.
• Protect confidential information and operate within all policies, procedures and work instructions.
• Upgrade, maintain and recommend security tools to support testing.
Basic Qualifications
• BS in Information Security, Computer Sciences, Information Systems, Engineering, Sciences, or related field.
• entry-level experience in Detection Engineering, Incident Response, Red Team, Purple Team, Security Operations, Threat Intelligence, or other cybersecurity related function in an enterprise environment.
• Familiarity with analyzing logs for malicious behavior originating from endpoint hosts, firewalls, proxies, IDS/IPS, SIEM, Advanced Threat Detection products, etc.
• Entry level comprehension of TCP/IP, common networking ports and protocols (HTTP, DNS, etc), traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
• Entry level comprehension of Windows/Linux OS system behavior in relation to malicious activity.
• Experience with building detections and alerts in SIEM, endpoint and network tools.
• Creative thinker with strong attention to detail.
• Ability to provide concise and accurate communications (both verbal and written) in produced documentation.
• Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts.
• Demonstrated dedication to training, self-study and maintaining proficiency in various cyber security disciplines.
• Ability to work independently with minimal oversight.
Preferred Qualifications
• Experience supporting projects and initiatives with minimal oversight.
• Experience with performing incident response in on-prem and cloud-based environments.
• Experience with developing security and data analysis tools using one or more scripting languages such as Python, Bash, etc.
• Exposure to adversary simulation and validation tools and frameworks.
• Exposure to red team tools, methodologies, and frameworks.
• Familiarity with translating threat activity described in cyber threat intelligence reporting into detections.
• Security certifications such as Security+, GCIA, GCIH, GCTI, CEH, or similar.
Purpose
Breakthroughs that change patients' lives... At Pfizer we are a patient centric company, guided by our four values: courage, joy, equity and excellence. Our breakthrough culture lends itself to our dedication to transforming millions of lives.
Digital Transformation Strategy
One bold way we are achieving our purpose is through our company wide digital transformation strategy. We are leading the way in adopting new data, modelling and automated solutions to further digitize and accelerate drug discovery and development with the aim of enhancing health outcomes and the patient experience.
Flexibility
We aim to create a trusting, flexible workplace culture which encourages employees to achieve work life harmony, attracts talent and enables everyone to be their best working self. Let’s start the conversation!
Equal Employment Opportunity
We believe that a diverse and inclusive workforce is crucial to building a successful business. As an employer, Pfizer is committed to celebrating this, in all its forms – allowing for us to be as diverse as the patients and communities we serve. Together, we continue to build a culture that encourages, supports and empowers our employees.
DisAbility Confident
We are proud to be a Disability Confident Employer and we encourage you to put your best self forward with the knowledge and trust that we will make any reasonable adjustments necessary to support your application and future career. Our mission is unleashing the power of our people, especially those with unique superpowers. Your journey with Pfizer starts here!
Information & Business Tech
0 Comments